diff --git a/infra/main/main.tf b/infra/main/main.tf
index c362e4a..5162ba2 100644
--- a/infra/main/main.tf
+++ b/infra/main/main.tf
@@ -57,10 +57,29 @@ module "digitalocean_database_cluster" {
 digitalocean_region = var.region
 }
 
-# TODO: make it output a Kubernetes Secret in env var format, can be piped into
-# `jq .database_users.value.forgejo | sops --encrypt` for nice secret gen
-# Ref: https://github.com/RyanSquared/gitops/blob/b8305292f215f6fe0bed170550b9b869302ab9e2/environments/production/kustomizations/forgejo/forgejo-config.enc.yaml
+# `jq .database_users.value.forgejo | sops --encrypt`
 output "database_users" {
- value = module.digitalocean_database_cluster.database_users
+ value = {
+ for db_user in module.digitalocean_database_cluster.database_users:
+ db_user.name => {
+ apiVersion = "v1",
+ kind = "Secret",
+ metadata = {
+ name = "database-configuration",
+ },
+ stringData = {
+ name = db_user.name,
+ dbname = db_user.name,
+ host = module.digitalocean_database_cluster.database_cluster.private_host,
+ port = module.digitalocean_database_cluster.database_cluster.port,
+ password = db_user.password,
+ }
+ }
+ }
+ sensitive = true
+}
+
+output "database" {
+ value = module.digitalocean_database_cluster.database_cluster
 sensitive = true
 }
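Review bot: The new `output "database"` at the end of the hunk exports the whole `database_cluster` object, which, if the module passes the provider resource through unchanged, also carries the cluster's default admin password and connection URIs. `sensitive = true` only masks the value in CLI display, so it is still written to state and printed by `terraform output -json`. Exporting just the fields consumers need keeps the admin credential out of the root outputs, e.g. `value = { host = module.digitalocean_database_cluster.database_cluster.private_host, port = module.digitalocean_database_cluster.database_cluster.port }`. Separately, in `database_users` every generated Secret shares the `metadata.name` "database-configuration", so two of them applied to one namespace would overwrite each other, and `port` is presumably a number, which `stringData` does not accept; `port = tostring(module.digitalocean_database_cluster.database_cluster.port),` would fix the latter.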